Tuesday, December 20th, 2011

Will We Even Know if We Enter a Full-Surveillance Society?

If you're not following the Carrier IQ story, it's the flip side of the User Agreement Trust Economy. It's the modern tale: Who Secretly Owns Your Data and What Do They Do With It? For background of the story to date, here's a fairly good timeline. Carrier IQ gathers diagnostic information on some phones; it may or may not actually keylog what you type on your phone; it may or may not sometimes or always gather the passwords you enter on your phone; and, according to the FBI's refusal to release information, it may or may not have actually turned over information to law enforcement. (Carrier IQ denies all of this.) Sprint has now disabled it on some or all of their phones. Most interesting is that Carrier IQ came in hot and legal immediately, trying to shut down the fellow who first started posting about the keylogging; then someone wrangled some sense into them about not appearing totally evil. Super-geeks will enjoy reading their recently released report that explains their product. Unfortunately, that document explains that their product sometimes "accidentally" records text messages. To be fair, if our stealth drones had this, we wouldn't have to ask for them back from other countries probably.

4 Comments / Post A Comment

Matthew Phelan (#10,133)

It bugs me that no one has commented on this yet. (Does it need to be in a listicle?)

Tangent: Whether he's playing one of the dim baggage handlers in "Trading Places," or defending us against Carrier IQ in the U.S. Senate, Al Franken can't seem to do anything wrong by me.

iplaudius (#1,066)

I do not want to defend Carrier IQ—they deserve all of the legal trouble and investigations coming their way. I do want to emphasize that the Eckhart did not demonstrate that the Carrier IQ software was transmitting every keystroke, every text message, and so forth. He demonstrated that such logging occurred locally when the device is put in debugging mode.

Expert sources quoted by the LA Times stopped short of defending Carrier IQ, but they did challenge Eckhart's conclusions:

"It's not true," said Dan Rosenberg, a senior consultant at Virtual Security Research, who said the video shows only diagnostic information and at no point provides evidence the data is stored or sent back to Carrier IQ.

"I've reverse engineered the software myself at a fairly good level of detail," Rosenberg said. "They're not recording keystroke information, they're using keystroke events as part of the application."

Eckhart did demonstrate many things successfully (in my opinion):
- that the Carrier IQ software is installed surreptitiously
- that it cannot be easily disabled or uninstalled
- that it is typically not described in the privacy agreements
- that is is granted a level of access not commensurate with its purpose and certainly inappropriate given the lack of notice to the user.
For these reasons, I believe that his characterization of the software as a "rootkit" was fair and accurate.

CatsInBags (#3,656)

Not to freak you guys out or anything, but you are currently on Karl Rove's secret list of bearded men.

Post a Comment